Invalid configuration encountered when using withObjectPostProcessor in SpringSecurity 5.7.3

Introduction

The project uses Spring Boot 2.7.4, and the corresponding Spring Security version is 5.7.3. There are certain changes in how Spring Security is used in this version.
The first is the configuration method. Previously we inherited from WebSecurityConfigurerAdapter, but in the new version the configuration is declared directly in the form of an interface. The rest of the configuration is similar. Many new methods have been added, of course, but the familiar configuration methods can still be used.
Here I mainly want to talk about the problem I ran into with withObjectPostProcessor, caused by my own clumsy typing: I wrote http.authorizeRequests() as http.authorizeHttpRequests(). Because the methods offered by code completion are basically the same for both, I did not notice it. I only spotted it when I retyped the configuration file. Then I went to the official website to find the differences; for the specifics, see the official [Original Introduction]. In general, authorizeHttpRequests is the configuration method that the official project will mainly recommend in future versions. Compared with authorizeRequests, it has the following improvements:

  • Use a simplified AuthorizationManager API instead of metadata sources, configuration properties, decision managers and voters. This simplifies reuse and customization.
  • Delayed authentication lookups. Instead of needing to look up authentication for every request, it will only look for it in requests where authentication is required for authorization decisions. (This is still relatively good, sometimes not every request needs to be verified in the application)
  • Bean-based configuration support.

When authorizeHttpRequests is used instead of authorizeRequests, AuthorizationFilter is used instead of FilterSecurityInterceptor.

[Figure: authorizeHttpRequests]

Pitfall reminder

If you use authorizeHttpRequests, using withObjectPostProcessor to configure our custom metadata source and permission decision configuration has no effect, because it is never entered. I am curious why, since this is such a big pitfall in use, the official project has left this method in. It may be that I don't know how to use it, but all the configurations could be used normally after I changed authorizeHttpRequests back to authorizeRequests.
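
The working form of the configuration described above, as an added example (not code from the original post). The class name and the two injected beans are assumptions standing in for the application's own custom metadata source and decision manager. The check at the end makes the application fail at startup if the interceptor is missing, so the custom rules cannot be dropped silently.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;

@Configuration
public class SecurityConfig {
    // Assumed: the application's own custom beans (not defined on the page).
    private final FilterInvocationSecurityMetadataSource metadataSource;
    private final AccessDecisionManager decisionManager;

    public SecurityConfig(FilterInvocationSecurityMetadataSource metadataSource,
                          AccessDecisionManager decisionManager) {
        this.metadataSource = metadataSource;
        this.decisionManager = decisionManager;
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // authorizeRequests() builds a FilterSecurityInterceptor, so the post-processor
        // below is applied. With authorizeHttpRequests() the chain uses AuthorizationFilter
        // instead; no FilterSecurityInterceptor is created, the post-processor never runs,
        // and the custom metadata source and decision manager are not applied.
        http.authorizeRequests()
            .anyRequest().authenticated()
            .withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
                @Override
                public <O extends FilterSecurityInterceptor> O postProcess(O interceptor) {
                    interceptor.setSecurityMetadataSource(metadataSource);
                    interceptor.setAccessDecisionManager(decisionManager);
                    return interceptor;
                }
            });
        SecurityFilterChain chain = http.build();
        // Fail fast if the interceptor carrying the custom rules is not in the chain.
        boolean wired = chain.getFilters().stream().anyMatch(FilterSecurityInterceptor.class::isInstance);
        if (!wired) {
            throw new IllegalStateException("FilterSecurityInterceptor missing: custom authorization not applied");
        }
        return chain;
    }
}
```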


Origin blog.csdn.net/hhl18730252820/article/details/126811387